Keeping Your Family Safe, Online: Avoiding CryptoLocker is Key

Brrr… it sure is cold out there! Well, at least for those of us who live in states where this winter has been particularly harsh. For those of us (like me!) who are not snow bunnies, venturing out into these frigid temperatures is not appealing. Although there are many worthwhile indoor activities, many people find themselves spending more time watching television, playing video games, or trolling the World Wide Web.

Cybercrime: Online Thieves Hit Target

Given that computers are such an integral part of our lives, this is a good time to take a look at how secure your computer and its contents really are. Many of us have received exaggerated emails, forwarded by friends or family, warning of the latest computer virus. Although such dramatic occurrences do not happen on a regular basis, viruses and other kinds of cybercrime do indeed happen. In mid-December, Target learned that criminals had forced their way into its systems and taken guest information, including debit and credit card data as well as the names, mailing addresses, phone numbers and email addresses of its customers. Some of you may have been affected by this serious breach of security, as my family was through our online account.

The Buzz About CryptoLocker

No matter what concern you have about your personal information or data, the time to protect your computer is before it is infiltrated. There is no such thing as too much protection or backup for your computer, documents, and email. Recently, there has been a lot of buzz about a type of “ransomware” called the CryptoLocker Trojan. Yet according to technology experts, the CryptoLocker Trojan is only an evolution of ransomware, as this type of crimeware can be traced back as far as 1989. Although CryptoLocker, which first appeared in early 2013, is not a revolutionary new form of ransomware, it has generated more attention than any of its predecessors. It has built upon similar previous ransomware programs, yet used new tactics and techniques to extort money from users.

Ransomware is a type of malware that encrypts files on the system’s hard drive, or restricts access to an infected computer system – demanding that a “ransom” be paid to the creator of the malware for the restriction to be removed, and files decrypted, so they can once again be opened. It is sometimes referred to as “scareware” because the messages displayed on a user’s computer screen can be quite threatening and are intended to be so – intimidating or scaring the user into paying.

Ransomware: The Dirty Details

Details of how ransomware typically works to infect a computer system are disturbing. Ransomware often enters a computer system when a user clicks on a questionable website, email or attachment, downloads an infected file, or has an unprotected network. It then spreads as a trojan or conventional computer worm and runs a payload, such as one that will begin to encrypt personal files on the hard drive. The ransomware payloads then display notices that appear to have come from legitimate companies or law enforcement agencies, including the FBI. The notices falsely claim that the system has been used for illegal activities or contains illegal content – for example, pornography and pirated software or media. Some ransomware payloads even imitate Windows XP’s product activation notices, falsely stating that the Windows installation on the user’s computer is counterfeit or needs to be reactivated to work effectively. In some cases, the virus uses your webcam to take a picture of you and display it back – even more frightening!

Through a complex system called public-key cryptography, only the malware writer knows the private decryption key needed to lift the “restrictions.” In a common scenario, the cyber-criminals tell you your computer will be permanently locked, or you may even be arrested, if you don’t pay a $200 fine. The ransomware will demand payment and threaten to delete the “private key” if payment is not received within 3 days. Sometimes ransom prices can reach into four figures. Users must pay to obtain the private key and begin decrypting files; computer analysts have said the encryption is very difficult to repair because of the extremely large key size CryptoLocker uses. The malware may even be impossible to remove if it locks up your PC.

Virus Alert: Green Dot MoneyPak

A frightening example of this form of scareware was presented in an article by John Matarese, published on the website SearchSecurity as part of the “Don’t Waste Your Money” series. As a woman sat down at her PC early last year, an unknown web page with the FBI logo appeared on her screen – along with an alert stating that she had visited an illegal website. As a result, she was being locked out of her web access until she paid a $200 fine through a Green Dot MoneyPak card.

What aroused her suspicion, though, was the mode by which the “FBI” wanted payment delivered – through a reloadable debit card from a drugstore. It was then that she knew this was online extortion at its worst. Fortunately, the woman and her husband were able to search Google on their smartphones for a way to remove what is being called the “FBI Green Dot MoneyPak Virus.”

Recovering from a Computer Virus

Although this couple was fortunate enough to be able to conduct a self-clean system restore on their own, this is not always possible in such ransomware situations. If this happens to you, do not touch your computer or manipulate it in any way until you have searched on another computer for the fix. Better yet, call a computer repair shop for assistance from a trained expert. Security experts report that removing CryptoLocker now requires a full wipe of your hard drive and, therefore, losing all your files.

Stories such as this one remind us that it is very important to be absolutely sure of the email, attachment, downloadable file, or website source with which you are about to interact. It takes just one wrong click to wipe out scores of valuable personal and business files from your computer system. CryptoLocker can even search for files to encrypt on USB sticks and shared network drives. CryptoLocker’s encryption capabilities are much more sophisticated than those of previous versions of ransomware, and the damage is therefore more difficult, if not impossible, to repair and restore.

Any email or online notice from the government is a scam, especially if it does not include your name in the notice. That is not how government agencies such as the FBI or IRS operate. They will not email you or post notices on your computer screen accusing you of wrongdoing, violating laws, or committing a crime. Rather, they will write – or even show up at your door!

Tips to Share with Your Family and Friends:

• Never wire money or pay by PayPal, Green Dot card, or any other payment method in response to a threat.
• Never open strange, unexpected attachments to any email you receive.
• Put protective measures in place on your computer system to avoid any form of ransomware or malware in the first place.
• Conduct regular computer system backups.
• Use a reputable technology company to protect your computers through security-based programming.
• Add another layer of authentication to sensitive files, or encrypt and password-protect them.

Businesses usually have protective security measures and defenses in place, including robust spam filters, attachment blocking and multiple layers of security. These types of ransomware viruses are actually a greater threat to the everyday PC user – to consumers – since they often don’t have those kinds of protection tools. Unfortunately, users facing CryptoLocker likely have few options for successful restoration of their files. While the malware itself can be scrubbed from the system relatively easily, the already-encrypted files will remain encrypted since it is nearly impossible to crack the encryption.

If your computer system does become infected:

• Unplug your computer immediately. On a desktop PC, quick action may limit the damage because it takes time for the malware to encrypt every file it has targeted.
• Do not use the infected computer to search for ways to repair the damage.
• Contact a computer store or technology expert for restoration assistance.

How Do I Know So Much About This Anyway?

I am thrilled to be a technical writer for Provident Technology, a Philadelphia-based IT company, which also performs computer services remotely. Provident Technology offers solid protection and security through their Managed Services, and is worth looking into for peace of mind. You may think that occasionally backing your computer up on a “zip” drive preserves your data. However, as mentioned above, the files on USB sticks can become encrypted as well. Additionally, zip drives can “go bad” and need replacing.

For my peace of mind, I recently purchased backup and monitoring services for my computer through Provident Technology for a very low monthly fee. With these services in place now, I know that my computer and its data are monitored 24/7, and protected from viruses and cybercrime. I also know that in the unfortunate event that something disastrous should occur, all my data is backed up and I can never lose it. For this writer, having all of the projects I have worked so hard on permanently protected is invaluable!

Have you ever had your computer infected by a virus, or your personal data compromised in another way? If so, what did you do about it? Do you have additional tips for our readers on how to protect your computer system? Please share your thoughts and advice with us!